Users of dovecot please be advised of a Multiple stack-based buffer overflows vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:196: [MDVSA-2010:196] dovecot
Problem Description:
A vulnerability was discovered and corrected in dovecot:
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).
Packages for 2009.1 were missing with the previous MDVSA-2009:242
update. This update corrects this.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/bd84Sl
No comments:
Post a Comment